PT-2019-13393 · Tridium · Niagara Ax+3

Published

2019-09-24

Updated

2020-10-16

CVE-2019-13528

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Niagara AX version 3.8u4 Niagara version 4.4u3 Niagara version 4.7u1

Description A specific utility may allow an attacker to gain read access to privileged files. This issue affects various JACE and Edge devices.

Recommendations For Niagara AX version 3.8u4, update to a version that includes the necessary security patches. For Niagara version 4.4u3, apply the recommended security fixes to prevent unauthorized access. For Niagara version 4.7u1, restrict access to sensitive files until a patch is available.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2019-13528

Affected Products

Edge

Jace

Niagara

Niagara Ax

PT-2019-13393 · Tridium · Niagara Ax+3

CVE-2019-13528

Weakness Enumeration

Related Identifiers

Affected Products

References · 3